Логотип exploitDog
source:"redhat"
Консоль
Логотип exploitDog

exploitDog

source:"redhat"

Количество 39 979

Количество 39 979

redhat логотип

CVE-2002-1151

почти 23 года назад

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

EPSS: Низкий
redhat логотип

CVE-2002-1148

почти 23 года назад

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

EPSS: Средний
redhat логотип

CVE-2002-1146

почти 23 года назад

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

EPSS: Низкий
redhat логотип

CVE-2002-1132

почти 23 года назад

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

EPSS: Низкий
redhat логотип

CVE-2002-1131

почти 23 года назад

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

EPSS: Низкий
redhat логотип

CVE-2002-1126

около 23 лет назад

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

EPSS: Низкий
redhat логотип

CVE-2002-1119

около 23 лет назад

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

EPSS: Низкий
redhat логотип

CVE-2002-1091

почти 23 года назад

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

EPSS: Низкий
redhat логотип

CVE-2002-1090

больше 23 лет назад

Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.

EPSS: Низкий
redhat логотип

CVE-2002-0989

почти 23 года назад

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

EPSS: Низкий
redhat логотип

CVE-2002-0986

почти 23 года назад

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

EPSS: Низкий
redhat логотип

CVE-2002-0985

почти 23 года назад

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

EPSS: Низкий
redhat логотип

CVE-2002-0972

почти 23 года назад

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.

EPSS: Низкий
redhat логотип

CVE-2002-0970

почти 23 года назад

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

EPSS: Низкий
redhat логотип

CVE-2002-0875

больше 23 лет назад

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

EPSS: Низкий
redhat логотип

CVE-2002-0871

почти 23 года назад

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.

EPSS: Низкий
redhat логотип

CVE-2002-0855

около 23 лет назад

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

EPSS: Средний
redhat логотип

CVE-2002-0846

около 23 лет назад

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

EPSS: Низкий
redhat логотип

CVE-2002-0844

около 23 лет назад

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

EPSS: Низкий
redhat логотип

CVE-2002-0843

почти 23 года назад

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
redhat логотип
CVE-2002-1151

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

3%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-1148

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

37%
Средний
почти 23 года назад
redhat логотип
CVE-2002-1146

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

10%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-1132

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

1%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

2%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-1126

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

1%
Низкий
около 23 лет назад
redhat логотип
CVE-2002-1119

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

0%
Низкий
около 23 лет назад
redhat логотип
CVE-2002-1091

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

5%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-1090

Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.

1%
Низкий
больше 23 лет назад
redhat логотип
CVE-2002-0989

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

5%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

6%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

1%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-0972

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.

0%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-0970

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

2%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-0875

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

1%
Низкий
больше 23 лет назад
redhat логотип
CVE-2002-0871

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.

0%
Низкий
почти 23 года назад
redhat логотип
CVE-2002-0855

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

20%
Средний
около 23 лет назад
redhat логотип
CVE-2002-0846

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

7%
Низкий
около 23 лет назад
redhat логотип
CVE-2002-0844

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

0%
Низкий
около 23 лет назад
redhat логотип
CVE-2002-0843

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

3%
Низкий
почти 23 года назад

Уязвимостей на страницу